Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
 Path: blob/master/src/java.base/share/classes/sun/security/ssl/CertSignAlgsExtension.java
41159 views
1
/*

2
 * Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.

3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

4
 *

5
 * This code is free software; you can redistribute it and/or modify it

6
 * under the terms of the GNU General Public License version 2 only, as

7
 * published by the Free Software Foundation.  Oracle designates this

8
 * particular file as subject to the "Classpath" exception as provided

9
 * by Oracle in the LICENSE file that accompanied this code.

10
 *

11
 * This code is distributed in the hope that it will be useful, but WITHOUT

12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

14
 * version 2 for more details (a copy is included in the LICENSE file that

15
 * accompanied this code).

16
 *

17
 * You should have received a copy of the GNU General Public License version

18
 * 2 along with this work; if not, write to the Free Software Foundation,

19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

20
 *

21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA

22
 * or visit www.oracle.com if you need additional information or have any

23
 * questions.

24
 */

25


26
package sun.security.ssl;

27


28
import java.io.IOException;

29
import java.nio.ByteBuffer;

30
import java.util.List;

31
import sun.security.ssl.SSLExtension.ExtensionConsumer;

32
import sun.security.ssl.SSLHandshake.HandshakeMessage;

33
import sun.security.ssl.SignatureAlgorithmsExtension.SignatureSchemesSpec;

34


35
/**

36
 * Pack of the "signature_algorithms_cert" extensions.

37
 */

38
final class CertSignAlgsExtension {

39
    static final HandshakeProducer chNetworkProducer =

40
            new CHCertSignatureSchemesProducer();

41
    static final ExtensionConsumer chOnLoadConsumer =

42
            new CHCertSignatureSchemesConsumer();

43
    static final HandshakeConsumer chOnTradeConsumer =

44
            new CHCertSignatureSchemesUpdate();

45


46
    static final HandshakeProducer crNetworkProducer =

47
            new CRCertSignatureSchemesProducer();

48
    static final ExtensionConsumer crOnLoadConsumer =

49
            new CRCertSignatureSchemesConsumer();

50
    static final HandshakeConsumer crOnTradeConsumer =

51
            new CRCertSignatureSchemesUpdate();

52


53
    static final SSLStringizer ssStringizer =

54
            new CertSignatureSchemesStringizer();

55


56
    private static final

57
            class CertSignatureSchemesStringizer implements SSLStringizer {

58
        @Override

59
        public String toString(HandshakeContext hc, ByteBuffer buffer) {

60
            try {

61
                return (new SignatureSchemesSpec(hc, buffer))

62
                        .toString();

63
            } catch (IOException ioe) {

64
                // For debug logging only, so please swallow exceptions.

65
                return ioe.getMessage();

66
            }

67
        }

68
    }

69


70
    /**

71
     * Network data producer of a "signature_algorithms_cert" extension in

72
     * the ClientHello handshake message.

73
     */

74
    private static final

75
            class CHCertSignatureSchemesProducer implements HandshakeProducer {

76
        // Prevent instantiation of this class.

77
        private CHCertSignatureSchemesProducer() {

78
            // blank

79
        }

80


81
        @Override

82
        public byte[] produce(ConnectionContext context,

83
                HandshakeMessage message) throws IOException {

84
            // The producing happens in client side only.

85
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

86


87
            // Is it a supported and enabled extension?

88
            if (!chc.sslConfig.isAvailable(

89
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

90
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

91
                    SSLLogger.fine(

92
                            "Ignore unavailable " +

93
                            "signature_algorithms_cert extension");

94
                }

95


96
                return null;    // ignore the extension

97
            }

98


99
            // Produce the extension.

100
            if (chc.localSupportedSignAlgs == null) {

101
                chc.localSupportedSignAlgs =

102
                    SignatureScheme.getSupportedAlgorithms(

103
                            chc.sslConfig,

104
                            chc.algorithmConstraints, chc.activeProtocols);

105
            }

106


107
            int vectorLen = SignatureScheme.sizeInRecord() *

108
                    chc.localSupportedSignAlgs.size();

109
            byte[] extData = new byte[vectorLen + 2];

110
            ByteBuffer m = ByteBuffer.wrap(extData);

111
            Record.putInt16(m, vectorLen);

112
            for (SignatureScheme ss : chc.localSupportedSignAlgs) {

113
                Record.putInt16(m, ss.id);

114
            }

115


116
            // Update the context.

117
            chc.handshakeExtensions.put(

118
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT,

119
                    new SignatureSchemesSpec(chc.localSupportedSignAlgs));

120


121
            return extData;

122
        }

123
    }

124


125
    /**

126
     * Network data consumer of a "signature_algorithms_cert" extension in

127
     * the ClientHello handshake message.

128
     */

129
    private static final

130
            class CHCertSignatureSchemesConsumer implements ExtensionConsumer {

131
        // Prevent instantiation of this class.

132
        private CHCertSignatureSchemesConsumer() {

133
            // blank

134
        }

135


136
        @Override

137
        public void consume(ConnectionContext context,

138
            HandshakeMessage message, ByteBuffer buffer) throws IOException {

139
            // The consuming happens in server side only.

140
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

141


142
            // Is it a supported and enabled extension?

143
            if (!shc.sslConfig.isAvailable(

144
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

145
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

146
                    SSLLogger.fine(

147
                            "Ignore unavailable " +

148
                            "signature_algorithms_cert extension");

149
                }

150
                return;     // ignore the extension

151
            }

152


153
            // Parse the extension.

154
            SignatureSchemesSpec spec = new SignatureSchemesSpec(shc, buffer);

155


156
            // Update the context.

157
            shc.handshakeExtensions.put(

158
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT, spec);

159


160
            // No impact on session resumption.

161
        }

162
    }

163


164
    /**

165
     * After session creation consuming of a "signature_algorithms_cert"

166
     * extension in the ClientHello handshake message.

167
     */

168
    private static final class CHCertSignatureSchemesUpdate

169
            implements HandshakeConsumer {

170
        // Prevent instantiation of this class.

171
        private CHCertSignatureSchemesUpdate() {

172
            // blank

173
        }

174


175
        @Override

176
        public void consume(ConnectionContext context,

177
                HandshakeMessage message) throws IOException {

178
            // The consuming happens in server side only.

179
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

180


181
            SignatureSchemesSpec spec = (SignatureSchemesSpec)

182
                    shc.handshakeExtensions.get(

183
                            SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT);

184
            if (spec == null) {

185
                // Ignore, no signature_algorithms_cert extension requested.

186
                return;

187
            }

188


189
            // update the context

190
            List<SignatureScheme> schemes =

191
                    SignatureScheme.getSupportedAlgorithms(

192
                            shc.sslConfig,

193
                            shc.algorithmConstraints, shc.negotiatedProtocol,

194
                            spec.signatureSchemes);

195
            shc.peerRequestedCertSignSchemes = schemes;

196
            shc.handshakeSession.setPeerSupportedSignatureAlgorithms(schemes);

197


198
            if (!shc.isResumption && shc.negotiatedProtocol.useTLS13PlusSpec()) {

199
                if (shc.sslConfig.clientAuthType !=

200
                        ClientAuthType.CLIENT_AUTH_NONE) {

201
                    shc.handshakeProducers.putIfAbsent(

202
                            SSLHandshake.CERTIFICATE_REQUEST.id,

203
                            SSLHandshake.CERTIFICATE_REQUEST);

204
                }

205
                shc.handshakeProducers.put(SSLHandshake.CERTIFICATE.id,

206
                        SSLHandshake.CERTIFICATE);

207
                shc.handshakeProducers.putIfAbsent(

208
                        SSLHandshake.CERTIFICATE_VERIFY.id,

209
                        SSLHandshake.CERTIFICATE_VERIFY);

210
            }

211
        }

212
    }

213


214
    /**

215
     * Network data producer of a "signature_algorithms_cert" extension in

216
     * the CertificateRequest handshake message.

217
     */

218
    private static final

219
            class CRCertSignatureSchemesProducer implements HandshakeProducer {

220
        // Prevent instantiation of this class.

221
        private CRCertSignatureSchemesProducer() {

222
            // blank

223
        }

224


225
        @Override

226
        public byte[] produce(ConnectionContext context,

227
                HandshakeMessage message) throws IOException {

228
            // The producing happens in server side only.

229
            ServerHandshakeContext shc = (ServerHandshakeContext)context;

230


231
            // Is it a supported and enabled extension?

232
            if (!shc.sslConfig.isAvailable(

233
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

234
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

235
                    SSLLogger.fine(

236
                            "Ignore unavailable " +

237
                            "signature_algorithms_cert extension");

238
                }

239
                return null;    // ignore the extension

240
            }

241


242
            // Produce the extension.

243
            List<SignatureScheme> sigAlgs =

244
                    SignatureScheme.getSupportedAlgorithms(

245
                            shc.sslConfig,

246
                            shc.algorithmConstraints,

247
                            List.of(shc.negotiatedProtocol));

248


249
            int vectorLen = SignatureScheme.sizeInRecord() * sigAlgs.size();

250
            byte[] extData = new byte[vectorLen + 2];

251
            ByteBuffer m = ByteBuffer.wrap(extData);

252
            Record.putInt16(m, vectorLen);

253
            for (SignatureScheme ss : sigAlgs) {

254
                Record.putInt16(m, ss.id);

255
            }

256


257
            // Update the context.

258
            shc.handshakeExtensions.put(

259
                    SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT,

260
                    new SignatureSchemesSpec(shc.localSupportedSignAlgs));

261


262
            return extData;

263
        }

264
    }

265


266
    /**

267
     * Network data consumer of a "signature_algorithms_cert" extension in

268
     * the CertificateRequest handshake message.

269
     */

270
    private static final

271
            class CRCertSignatureSchemesConsumer implements ExtensionConsumer {

272
        // Prevent instantiation of this class.

273
        private CRCertSignatureSchemesConsumer() {

274
            // blank

275
        }

276
        @Override

277
        public void consume(ConnectionContext context,

278
            HandshakeMessage message, ByteBuffer buffer) throws IOException {

279
            // The consuming happens in client side only.

280
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

281


282
            // Is it a supported and enabled extension?

283
            if (!chc.sslConfig.isAvailable(

284
                    SSLExtension.CH_SIGNATURE_ALGORITHMS_CERT)) {

285
                if (SSLLogger.isOn && SSLLogger.isOn("ssl,handshake")) {

286
                    SSLLogger.fine(

287
                            "Ignore unavailable " +

288
                            "signature_algorithms_cert extension");

289
                }

290
                return;     // ignore the extension

291
            }

292


293
            // Parse the extension.

294
            SignatureSchemesSpec spec = new SignatureSchemesSpec(chc, buffer);

295


296
            // Update the context.

297
            chc.handshakeExtensions.put(

298
                    SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT, spec);

299


300
            // No impact on session resumption.

301
        }

302
    }

303


304
    /**

305
     * After session creation consuming of a "signature_algorithms_cert"

306
     * extension in the CertificateRequest handshake message.

307
     */

308
    private static final class CRCertSignatureSchemesUpdate

309
            implements HandshakeConsumer {

310
        // Prevent instantiation of this class.

311
        private CRCertSignatureSchemesUpdate() {

312
            // blank

313
        }

314


315
        @Override

316
        public void consume(ConnectionContext context,

317
                HandshakeMessage message) throws IOException {

318
            // The consuming happens in client side only.

319
            ClientHandshakeContext chc = (ClientHandshakeContext)context;

320


321
            SignatureSchemesSpec spec = (SignatureSchemesSpec)

322
                    chc.handshakeExtensions.get(

323
                            SSLExtension.CR_SIGNATURE_ALGORITHMS_CERT);

324
            if (spec == null) {

325
                // Ignore, no "signature_algorithms_cert" extension requested.

326
                return;

327
            }

328


329
            // update the context

330
            List<SignatureScheme> schemes =

331
                    SignatureScheme.getSupportedAlgorithms(

332
                            chc.sslConfig,

333
                            chc.algorithmConstraints, chc.negotiatedProtocol,

334
                            spec.signatureSchemes);

335
            chc.peerRequestedCertSignSchemes = schemes;

336
            chc.handshakeSession.setPeerSupportedSignatureAlgorithms(schemes);

337
        }

338
    }

339
}

340


341